vm/appvm: add dispvm_allowed property

Speciffy whether DispVM can be created from this AppVM

Fixes QubesOS/qubes-issues#2075

qubes/vm/appvm.py

@@ -37,6 +37,12 @@ class AppVM(qubes.vm.qubesvm.QubesVM):
                                 ls_width=31,
                                 doc='Template, on which this AppVM is based.')
 
+    dispvm_allowed = qubes.property('dispvm_allowed',
+        type=bool,
+        default=False,
+        doc='Should this VM be allowed to start as Disposable VM'
+    )
+
     def __init__(self, app, xml, template=None, **kwargs):
         self.volume_config = {
             'root': {

qubes/vm/dispvm.py

@@ -136,6 +136,10 @@ class DispVM(qubes.vm.qubesvm.QubesVM):
         This method modifies :file:`qubes.xml` file.
         The qube returned is not started.
         '''
+        if not appvm.dispvm_allowed:
+            raise qubes.exc.QubesException(
+                'Refusing to start DispVM out of this AppVM, because '
+                'dispvm_allowed=False')
         app = appvm.app
         dispvm = app.add_new_vm(
             cls,